Re: Exporting "lastlogon" info for machine accounts in a Win2K domain

The field that may work best for this purpose is Pwd Last Set. Computers will reset the computer account password periodically. Viewing this it is usually fairly easy to see which are beyond a 'normal' range.

This is exportable, or you can simply right-click on the Computers object and choose Tabular Views->Computer(Detailed). When this finishes you can sort on the Pwd Last Set column.

Re: Exporting "lastlogon" info for machine accounts in a Win2K domain

This works great for my AD network but on an NT domain the tabular views isn't in the Computer object's quick menu. Any suggestions?

Re: Exporting "lastlogon" info for machine accounts in a Win2K domain

Tabular Views are only for Windows 2000 domains as this gets data from AD.

For NT domains, your computer accounts are listed under the Domain Users group as computer$. You have to expand the Global Groups option, then the Domain Users object under there shows you these accounts. Right-click on it, then choose View All User Details. This will display all users and computer accounts along with all of their properties, including Password Age in the right window.

You can filter this list to only show you computer accounts after they are displayed in the right window. Go to Edit->Find/Filter, type in $ for the search string, and for column choose UserName. Check the box to Filter out records that DO NOT match the search string and click OK.

This will leave you with only the computer accounts and you can sort by password age by clicking on the field header for password age. Password age is relevant because computers will change their password with the domain periodically, I believe the default might be around 7-10 days.

So, any accounts that have a large number of days since last change will be suspect and should be checked further to determine if they should be removed from the domain.